Iframe-N?: Anti-Malware Software crashes, along with other virus removal tools

I manage a small website that was flagged by Google about a week ago as having malware on it. After looking at the uploaded files, I found a script inserted into all the HTML files between the head and body tags (). The hosting company told me it probably came through an exploit on my computer through an older version of Flash or Adobe Reader. I updated those programs, re-uploaded clean versions of all files to the website, and got the it unblocked by Google.

Since then, a script is back on the site, although I can no longer access is or get FTP access to check the files.

I have updated everything I can think of...Windows Svc Pack 3, IE 8, Firefox 3.5.5, Adobe Reader 9.0...and have even removed all versions of Java and reinstalled with the latest.

I've also tried one virus removal tool after the next, including trying to install one from Sophos which seemed to match what I have. (My research on other sites has indicated Mal/Iframe-N, the "onload if this" infection, and "a return of Gumblar", all of which sound like the same thing.) The malware must be blocking me from downloading it though, because I get a page not found error when I click the link to download the software. (I get the same error when I try to go to symantec.com too.)

And I've been all through the boards at Malwarebytes too, but haven't gotten a response to my posts. Following my research there, I have...

- Installed Anti-Malware and tried to run it, but it crashes a couple seconds after opening.
- I;ve tried renaming the .exe file to .com and also renaming mbam.exe to winlogon.exe (per forum suggestions), but it still crashes in both instances.
- I also uninstalled Anti-Malware and downloaded procexp.exe, renaming it to winlogon.exe and running it. I didn't find any instances of files with numeric names and shield icons next to them, which is what I was supposed to look for and delete.
- I've run RootRepeal and have gotten different results each time I've run it. (It always finds c:/hiberfil.sys, and sometimes finds other files in c:/docs & settings/justine/local settings/temp, but nȯne of them are .sys files or have prefixes matching those in the "CLB Driver list" from the Malwarebytes forum.)
- Avira AntiVir Personal crashes during the installation.
- HijackThis won't install either.

I'm leery to just keep installing random virus removal tools, because I don't want to install a fake on accidentally.

Any help you can give would be GREATLY appreciated!

Thanks,
Justine

Hello.

• Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
  Link 1
  Link 2
  
• Double click DDS.scr to run.
  
• When complete, two logs will open. Save both of the report to your Desktop.
  
• Copy and paste BOTH LOGS back here, use more than one post if needed.
  

No go on that one. I tried running it twice and can only assume it's crashing while running because I waited and nothing came up...no logs or anything.

A quick thought: A couple days ago when everything was going haywire, I turned on Windows Firewall. Since then, I no longer see it in the systems tray and have no way of turning it on/off. (I assume the malware took that over as well.) When I launch Windows Security Center and click on the Windows Firewall link, it says it can't be displayed because the associated service isn't running. When I click Yes to starting the Windows Firewall/Internet Connections Sharing (ICS) service, it comes back and tells me it can't start. I don't know if this has any impact on any of these programs running.

Also, each time I reboot my computer, I get two instances of Windows shutting down generic host processes.

Hello.

• Download combofix from here
  Link 1
  Link 2
  
  1. If you are using Firefox, make sure that your download settings are as follows:
  
  * Tools->Options->Main tab
  * Set to "Always ask me where to Save the files".
  
  2. During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

Stupid question: How do I attach a file in my posts to you? I was trying to avoid pasting all the text into this message.

Here's the ComboFix info...

ComboFix 09-11-23.06 - Justine 11/24/2009 17:05.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.589 [GMT -5:00]
Running from: c:\documents and settings\Justine\Desktop\Combo-Fix.exe
AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Justine\LOCALS~1\ybgrc.old
c:\windows\system32\drivers\fad.sys
c:\windows\system32\logs

.
((((((((((((((((((((((((( Files Created from 2009-10-24 to 2009-11-24 )))))))))))))))))))))))))))))))
.

2009-11-23 12:59 . 2009-11-23 12:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-23 12:58 . 2009-11-23 12:58 152576 ----a-w- c:\documents and settings\Justine\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-23 03:04 . 2009-11-23 03:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-11-23 01:11 . 2009-11-23 20:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-22 05:39 . 2009-11-22 05:39 0 ----a-w- c:\documents and settings\Justine\settings.dat
2009-11-21 22:17 . 2009-11-21 22:17 -------- d-sh--w- c:\documents and settings\Justine\IECompatCache
2009-11-21 04:54 . 2009-11-21 04:54 -------- d-----w- c:\documents and settings\Justine\Application Data\AVG8
2009-11-21 04:46 . 2009-11-21 04:46 -------- d-----w- c:\documents and settings\Justine\Application Data\Malwarebytes
2009-11-21 04:46 . 2009-11-21 04:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-20 21:36 . 2009-11-20 21:36 -------- d-----w- c:\windows\system32\scripting
2009-11-20 21:36 . 2009-11-20 21:36 -------- d-----w- c:\windows\system32\en
2009-11-20 21:36 . 2009-11-20 21:36 -------- d-----w- c:\windows\l2schemas
2009-11-20 21:36 . 2009-11-20 21:36 -------- d-----w- c:\windows\system32\bits
2009-11-20 21:28 . 2009-11-20 21:28 -------- d-----w- c:\windows\EHome
2009-11-20 02:57 . 2009-11-20 02:57 -------- d-sh--w- c:\documents and settings\Justine\PrivacIE
2009-11-20 02:26 . 2009-11-20 02:26 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-11-20 02:26 . 2009-11-20 02:26 -------- d-sh--w- c:\documents and settings\Justine\IETldCache
2009-11-19 22:02 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-11-19 22:02 . 2009-11-19 22:02 -------- d-----w- c:\windows\ie8updates
2009-11-19 22:01 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-11-19 22:01 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-19 21:59 . 2009-11-19 22:01 -------- dc-h--w- c:\windows\ie8
2009-11-17 03:34 . 2009-11-17 03:34 -------- d-----w- c:\documents and settings\Justine\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-11-17 03:31 . 2009-10-10 07:07 38208 ----a-w- c:\documents and settings\Justine\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-17 03:30 . 2009-11-17 03:30 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-17 03:29 . 2009-11-17 03:29 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-11-17 03:29 . 2009-11-17 03:29 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-11-17 03:29 . 2009-11-17 03:40 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-17 03:29 . 2009-11-06 14:20 34112 ----a-w- c:\documents and settings\Justine\Application Data\Mozilla\Firefox\Profiles\bzqrnt37.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-11-17 03:29 . 2009-11-06 14:20 32448 ----a-w- c:\documents and settings\Justine\Application Data\Mozilla\Firefox\Profiles\bzqrnt37.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-11-17 03:29 . 2009-11-06 14:20 22352 ----a-w- c:\documents and settings\Justine\Application Data\Mozilla\Firefox\Profiles\bzqrnt37.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-11-01 18:40 . 2009-11-01 18:40 -------- d-----w- c:\documents and settings\Justine\Local Settings\Application Data\Maptech
2009-11-01 18:06 . 2009-05-11 11:15 2518416 -c--a-w- c:\documents and settings\All Users\Application Data\{39CC9586-821D-4B0A-A3E5-76CED7BBD5CC}\Setup.exe
2009-11-01 18:02 . 2009-11-01 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Maptech
2009-11-01 18:02 . 2009-11-01 18:02 -------- d-----w- c:\program files\Maptech
2009-11-01 17:59 . 2009-11-01 18:06 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{39CC9586-821D-4B0A-A3E5-76CED7BBD5CC}
2009-11-01 17:56 . 2008-08-20 13:21 44144 -c--a-w- c:\documents and settings\All Users\Application Data\{39CC9586-821D-4B0A-A3E5-76CED7BBD5CC}\OFFLINE\Install Fonts IDE-PlugIn.dll\Install Fonts EXE-PlugIn.dll
2009-11-01 17:56 . 2008-02-06 00:47 101888 -c--a-w- c:\documents and settings\All Users\Application Data\{39CC9586-821D-4B0A-A3E5-76CED7BBD5CC}\OFFLINE\mIDEFunc.dll\mEXEFunc.dll
2009-11-01 17:54 . 2009-11-01 17:54 -------- d-----w- c:\documents and settings\Justine\Application Data\WinBatch

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-24 22:16 . 2007-11-27 16:27 -------- d-----w- c:\documents and settings\Justine\Application Data\Skype
2009-11-23 20:39 . 2007-11-27 16:28 -------- d-----w- c:\documents and settings\Justine\Application Data\skypePM
2009-11-23 12:58 . 2006-03-17 11:55 -------- d-----w- c:\program files\Java
2009-11-22 21:36 . 2008-09-05 14:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-21 02:48 . 2006-03-21 21:02 99376 ----a-w- c:\documents and settings\Justine\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-20 21:39 . 2004-08-10 19:03 78535 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-19 21:38 . 2006-03-21 20:07 -------- d-----w- c:\program files\Macromedia
2009-11-19 21:32 . 2007-01-08 08:07 -------- d-----w- c:\program files\Citrix
2009-11-19 21:30 . 2008-01-24 04:34 -------- d-----w- c:\program files\BookSmart
2009-11-17 03:43 . 2006-03-21 20:37 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-17 03:40 . 2006-03-17 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-16 20:17 . 2009-10-16 20:17 -------- d-----w- c:\program files\AutoTask
2009-10-10 07:07 . 2009-11-23 03:03 38208 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-09-26 04:09 . 2007-04-13 04:14 -------- d--h--w- c:\documents and settings\Justine\Application Data\Move Networks
2009-09-23 01:53 . 2009-09-23 01:53 127872 ----a-w- c:\documents and settings\Justine\Application Data\Move Networks\uninstall.exe
2009-09-23 01:53 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\Justine\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-09-23 01:53 . 2009-09-23 01:53 1686272 ----a-w- c:\documents and settings\Justine\Application Data\Move Networks\MoveMediaPlayerWin_071503000010.exe
2009-09-11 14:18 . 2004-08-10 18:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-10 18:51 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-11-12 21760296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowLOMControl"="1 (0x1)" [X]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-03-17 169472]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-13 1117184]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-03-17 102400]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"AutoTask"="c:\program files\AutoTask\AutoTask.exe" [2009-06-22 335872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-23 149280]

c:\documents and settings\Justine\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 98304]
Check for TWS Updates.lnk - c:\jts\WiseUpdt.exe [2008-5-8 194775]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-3-21 82026]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 98304]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-3-17 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-9-23 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi9"=c:\docume~1\Justine\LOCALS~1\ybgrc.old 2yKOEBOFFO

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\GS\\REDIPlus\\Logon Backup\\REDIStart.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [3/17/2006 6:45 AM 87936]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [10/28/2006 9:29 AM 515803]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [7/2/2008 9:01 AM 3768]
S3 REFILERW;REFILERW;c:\windows\system32\drivers\REFILERW.SYS [10/16/2009 3:17 PM 4224]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\drivers\Bulk533.sys [10/28/2006 9:29 AM 10986]
S4 LkWebLink;Inter-Tel Collaboration Remote Client;c:\documents and settings\Justine\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe [12/12/2007 4:18 PM 32768]
.
Contents of the 'Scheduled Tasks' folder

2009-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInstall.dll
DPF: {5F738800-9D2F-48CE-999B-B3D66C7E8D24} - hxxp://www.legalworkplace.com/WorkArea/ewebeditpro/ewebeditpro5.cab
DPF: {7B133798-FAA8-4A7E-950D-BEB35D3363AF} - hxxp://192.168.1.104/img/LinksysViewer.cab
DPF: {B40B74C9-C9B3-445C-9397-EC8285292947} - hxxp://www.legalworkplace.com/WorkArea/ewebeditpro/webimagefx.cab
DPF: {C20E8541-3280-40DC-BC3E-D988F63CD907} - hxxp://192.168.1.104/adm/LinksysAlertCfg.cab
DPF: {F5C958D0-8D50-4DFF-8473-B021357DA491} - hxxp://www.legalworkplace.com/WorkArea/ewebdiff/ewebdiff.CAB
FF - ProfilePath - c:\documents and settings\Justine\Application Data\Mozilla\Firefox\Profiles\bzqrnt37.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\Justine\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Justine\Application Data\Mozilla\Firefox\Profiles\bzqrnt37.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np793esk32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npampx3.0.84.2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPEktAsset.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPeWebEditPro.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPWebImageFX.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKLM-Run-BackupSoft - \BackupSoft.exe
AddRemove-PhotoStreamer 2 - c:\documents and settings\All Users\Application Data\{BA892C10-A262-42D0-B6AD-2ADE4916F871}\PhotoStreamer2Setup.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-Terrain Navigator Pro - c:\documents and settings\All Users\Application Data\{39CC9586-821D-4B0A-A3E5-76CED7BBD5CC}\Setup.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD} - c:\program files\Apoint\Uninstap.exe ADDREMOVE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-24 17:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(996)
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(920)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\basfipm.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Apoint\HidFind.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2009-11-24 17:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-24 22:25

Pre-Run: 2,002,886,656 bytes free
Post-Run: 5,048,758,272 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - F940A7AC0F10F5D2228E113B36F908EC

I'm leaving now for a short vacation through this Sunday, 11/27. I hope to have internet access where I am, but just in case...please leave this topic open in the event you don't hear from me. I will reply as soon as I can get online.

Thanks!
Justine

Don't worry, I don't close topics.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

No malicious items detected. Is my computer better already?!! What virus scan software would you recommend I put on my computer?

Malwarebytes' Anti-Malware 1.41
Database version: 3229
Windows 5.1.2600 Service Pack 3

11/25/2009 10:01:12 AM
mbam-log-2009-11-25 (10-01-12).txt

Scan type: Quick Scan
Objects scanned: 114129
Time elapsed: 6 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?